Analysis

  • max time kernel
    135s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-08-2024 00:36

General

  • Target

    c4158cde4006bdabc91c683587d4377c_JaffaCakes118.html

  • Size

    116KB

  • MD5

    c4158cde4006bdabc91c683587d4377c

  • SHA1

    0e7bdbd2a145cafeff4a26e6b3131df9e83d7c7a

  • SHA256

    93c2787a64439fa9ffe4946574ecfd2cc524e280c0c80f9a303234dab2c91d6e

  • SHA512

    ba42ca4e6624a259d535ce36ac8e0c88e3ecadde7bd4aaff7062749ea6f0bafbe6e8bd7399056959d13a6dec43d2f44e910db027a1a08b8fc2d39e71a76c3bba

  • SSDEEP

    3072:6Lqvj40MZEPjLpUxAfYxslxNcl8CLcXmNRS/1nt0X1nT8CalKw+Q7+cRHqjlyy:6sjXmNR0CalKw+N

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c4158cde4006bdabc91c683587d4377c_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1896

Downloads